package com.lottery.bootdo.system.config;



import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import com.lottery.bootdo.system.shiro.UserRealm;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * @author furutaka
 */
@Configuration
public class ShiroConfig {

    /**
     * 安全管理器
     */
//	@Bean
//	public DefaultWebSecurityManager securityManager(SessionManager sessionManager) {
//		DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
//		securityManager.setRealm(this.shiroDbRealm());
//		securityManager.setSessionManager(sessionManager);
//		return securityManager;
//	}
    /**
     * ShiroDialect，为了在thymeleaf里使用shiro的标签的bean
     *
     * @return
     */
    @Bean(name = "shiroDialect")

    public ShiroDialect shiroDialect(){
        return new ShiroDialect();

    }


    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(this.shiroDbRealm());
        securityManager.setSessionManager(sessionManager);

        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(securityManager);
        /**
         * 默认的登陆访问url
         */
        shiroFilter.setLoginUrl("/login");
        /**
         * 登陆成功后跳转的url
         */
        shiroFilter.setSuccessUrl("/index");
        /**
         * 没有权限跳转的url
         */
        shiroFilter.setUnauthorizedUrl("/403");

        /**
         * 配置shiro拦截器链
         *
         * anon  不需要认证
         * authc 需要认证
         * user  验证通过或RememberMe登录的都可以
         *
         * 当应用开启了rememberMe时,用户下次访问时可以是一个user,但不会是authc,因为authc是需要重新认证的
         *
         */
        Map<String, String> hashMap = new LinkedHashMap<>();
        hashMap.put("/login","anon");
        hashMap.put("/getVerify","anon");
        hashMap.put("/css/**", "anon");
        hashMap.put("/js/**", "anon");
        hashMap.put("/fonts/**", "anon");
        hashMap.put("/img/**", "anon");
        hashMap.put("/docs/**", "anon");
        hashMap.put("/druid/**", "anon");
        hashMap.put("/upload/**", "anon");
        hashMap.put("/files/**", "anon");
        hashMap.put("/logout", "logout");
        hashMap.put("/", "anon");
        hashMap.put("/blog", "anon");
        hashMap.put("/blog/open/**", "anon");
        hashMap.put("/**", "authc");

        shiroFilter.setFilterChainDefinitionMap(hashMap);
        return shiroFilter;
    }
//
//

    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }

    /**
     * 启用shrio授权注解拦截方式，AOP式方法级权限检查
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(this.shiroDbRealm());
        securityManager.setSessionManager(sessionManager);

        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor =
                new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

//
//	@Bean
//	public ShiroFilterChainDefinition shiroFilterChainDefinition() {
//		DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
//
//		// logged in users with the 'admin' role
//		chainDefinition.addPathDefinition("/member/login", "anon");
//		chainDefinition.addPathDefinition("member/login", "anon");
//		chainDefinition.addPathDefinition("/login", "anon");
//		chainDefinition.addPathDefinition("login", "anon");
//
//		return chainDefinition;
//	}

    /**
     * 项目自定义的Realm
     */
    @Bean
    public Realm shiroDbRealm() {
        return new UserRealm();
    }
    @Bean
    protected CacheManager cacheManager() {
        return new MemoryConstrainedCacheManager();
    }



}